Hello, Docbyters! Happy May, and welcome to the latest edition of our newsletter.
In this issue, we explore what everybody’s been talking about: eIDAS2. Also referred to as the European Identification and Trust Services Regulation, this new Regulation (EU) 2024/1183 of the European Parliament was finally published this past April 30th and will enter into force this month, on May 20th!
eIDAS2 is essentially establishing the European Digital Identity Framework. This signifies a trust framework for a digital future, offering the building blocks for a secure digital economy.
Following the publication, there will be deadlines for implementing acts related to the revised regulation. The dates mentioned are:
- Nov 20, 2024, for Batch 1 of implementation acts: includes detailed rules and regulations to facilitate the uniform implementation of the eIDAS2 legislation.
- May 20, 2025, for Batch 2 of implementation acts: including RTS (Regulatory Technical Standards) and ITS (Implementing Technical Standards) on content, timelines, and templates for incident reporting, plus Guidelines on aggregated costs.
- Nov 20 2026, for Mandatory Issuance of EUDI Wallets by member states.
- Nov 20 2027, for Mandatory Acceptance by relying parties.
eIDAS2 & Archiving
Regarding Electronic Archiving, eIDAS outlines protocols for preserving information during its legal retention period, ensuring authenticity, legibility, and integrity.
To establish legal certainty, a framework for Qualified Electronic Archiving (QeA) services is deemed necessary, drawing inspiration from existing trust services regulations.
eIDAS mandates secure preservation of electronic data and documents, irrespective of their origin, with stringent requirements for qualified electronic archiving services.
These services must ensure the trustworthiness of digitally signed or sealed information throughout the preservation period, possibly leveraging other qualified trust services.
While Member States may maintain specific national provisions for internal archive services, eIDAS integrates electronic archiving into trust services, incorporating specific requirements such as integrity, confidentiality, and proof of origin preservation.
Additionally, it introduces automated integrity confirmation reports for retrieved data, enhancing transparency and accountability.
Through these measures, eIDAS2 seeks to bolster digital trust and streamline electronic archiving practices across the European Union.
Why it Matters for Businesses
- Businesses must comply with eIDAS2 regulations regarding electronic identification and trust services, ensuring the security and integrity of digital transactions.
- eIDAS2 ensures that electronic data and documents are securely archived.
- eIDAS2 mandates the availability of a Digital Identity Wallet to every citizen in the EU by 2024, impacting businesses’ digital identity management strategies. Member states are expected to comply with the mandatory issuance of EUDI wallets by Nov 20, 2026, and mandatory acceptance by relying parties by Nov 20, 2027.
- Businesses need to ensure their electronic identification systems are interoperable across the EU and prioritise security measures to protect citizens’ data.
In light of these developments, it’s key to redirect our attention towards ensuring the successful implementation of this regulation. eIDAS2 is reshaping the digital landscape, and businesses must stay compliant.
Happy to inform you,
The Docbyte Team